Ref: https://learn.cantrill.io/courses/1820301/lectures/41301501
TGW - Key Concepts
- 🔧 NW Transit Hub to connect VPCs with each other and to on-premises NWs
- Connection to on-prem NWs via S2S VPNs and DX
- 👍 Important benefit: Significantly reduces NW complexity
- Single NW object (like IGW)
- HA in region, resilient, and scalable
- Connects to other NW objects via Attachments
- VPC attachments, S2S VPN attachments & DX GW attachments
- Features
- Comes with a default Route Table → defines how traffic is routed between attachments
- Can use multiple RTs to create complex routing topology
- ‼️ Supports transitive routing!! Throughout VPCs and on-prem NWs!
- No need to create complex NW mesh topologies
- Integration with DX GWs (uses transit VIF)
- Can be used to create global NWs → TGW peering
- Cross-region & cross-account support!
- Cross-region data uses AWS global NW → higher performance than internet
- Share TGWs between accounts using AWS Resource Access Manager (RAM)
- 💡 AWS RAM = service which allows cross-account sharing of products & services
TGW Network Complexity Example
Network Topology without TGW

- VPC peering NOT transitive → every VPC must peer with all others → scales poorly
- Many VPN tunnels
- S2S VPNs also NOT transitive → must also connect to every VPC
- Two CGWs required for HA
- 💡 Full mesh network is complex → lots of admin overhead
- Scales very badly the more VPCs and on-prem NWs you add
Network Topology with TGW

- ❗ ONE single TGW
- S2S VPN attachment → TGW is the AWS-side termination point for VPN (no longer VGWs!)
- Far fewer VPN tunnels… while still being HA!
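Added example (not from the course): a Terraform layout of the "with TGW" topology above, using two TGW route tables (the "multiple RTs" point) so every spoke VPC reaches on-prem through the S2S VPN attachment transitively, while spokes stay isolated from each other. It assumes a BGP (dynamic) VPN, an existing customer gateway in var.customer_gateway_id, and var.spokes as a map of name => { vpc_id, subnet_ids }.

```hcl
resource "aws_ec2_transit_gateway" "hub" {
  description                     = "network transit hub"
  # Disable implicit default-RT association/propagation: nothing is
  # reachable until a route table below explicitly allows it.
  default_route_table_association = "disable"
  default_route_table_propagation = "disable"
}
resource "aws_ec2_transit_gateway_vpc_attachment" "spoke" {
  for_each           = var.spokes # assumed map: name => { vpc_id, subnet_ids }
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  vpc_id             = each.value.vpc_id
  subnet_ids         = each.value.subnet_ids
  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false
}
resource "aws_vpn_connection" "onprem" { # S2S VPN terminates on the TGW, not a VGW
  customer_gateway_id = var.customer_gateway_id # assumed existing CGW
  transit_gateway_id  = aws_ec2_transit_gateway.hub.id
  type                = "ipsec.1"
}
data "aws_ec2_transit_gateway_vpn_attachment" "onprem" {
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  vpn_connection_id  = aws_vpn_connection.onprem.id
}
# Spoke RT: learns only on-prem prefixes, so spokes cannot reach each other.
resource "aws_ec2_transit_gateway_route_table" "spoke" {
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
}
resource "aws_ec2_transit_gateway_route_table_association" "spoke" {
  for_each                       = aws_ec2_transit_gateway_vpc_attachment.spoke
  transit_gateway_attachment_id  = each.value.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.spoke.id
}
resource "aws_ec2_transit_gateway_route_table_propagation" "spoke_from_onprem" {
  transit_gateway_attachment_id  = data.aws_ec2_transit_gateway_vpn_attachment.onprem.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.spoke.id
}
# On-prem RT: learns every spoke VPC CIDR (transitive reachability via the TGW).
resource "aws_ec2_transit_gateway_route_table" "onprem" {
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
}
resource "aws_ec2_transit_gateway_route_table_association" "onprem" {
  transit_gateway_attachment_id  = data.aws_ec2_transit_gateway_vpn_attachment.onprem.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.onprem.id
}
resource "aws_ec2_transit_gateway_route_table_propagation" "onprem_from_spokes" {
  for_each                       = aws_ec2_transit_gateway_vpc_attachment.spoke
  transit_gateway_attachment_id  = each.value.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.onprem.id
}
```

Propagation from the VPN attachment only carries BGP-learned prefixes; with a static VPN you would add aws_ec2_transit_gateway_route entries instead. Each spoke VPC's own route table still needs a route for the on-prem CIDR pointing at the TGW.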